New Particularly Malicious Malware Signature

There is a new malware that is particularly malicious. When it infects a computer, it drops several malware files: what looks like ransomware, an info stealer and a remote access trojan. It is usually distributed via phishing and looks like a text file, but it is actually an encoded malware file. I don't know where it is being distributed or to whom, so the safe thing is to assume it may be distributed to anyone. Below are several MDB signatures for the primary executables.

Copy the MDB signatures to a Notepad file and save it in the ClamWin db program data folder, or add the signatures to an existing MDB file if you already have one in the folder. Save the file as Sigfile.mdb, and select file type All Files so that Notepad does not add .txt or .text to the end of the filename. ClamWin is unable to recognize a text file as a signature file. After saving the file, scan something with ClamWin to make sure the signatures work. If they do not, delete the signature file, or remove the signatures from the existing MDB file if you added them to one.

Signatures may last up to a week or longer, depending upon how lazy the malware authors are about changing their version. MDB signatures are signatures for a section of a malware file, and they sometimes can last up to a month, especially if the section is re-used in another malware.
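A pre-save check for the signature file described above, as an added example that is not part of the original post or of ClamWin. It assumes the three-field MDB line layout `PESectionSize:MD5:MalwareName`; the function names and the sample lines are constructed for illustration.

```python
import re
from pathlib import Path

# Layout checked here (assumed): PESectionSize:MD5-of-section:MalwareName, one per line.
SIG_RE = re.compile(r"^(\d+):([0-9a-fA-F]{32}):([^\s:]+)$")

def check_name(filename):
    """Return a problem list for the file name (empty list means OK)."""
    if Path(filename).suffix.lower() != ".mdb":
        return [f"{filename}: does not end in .mdb (saved with a text extension?)"]
    return []

def check_contents(data):
    """Return a problem list for the raw bytes of a signature file."""
    problems = []
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return ["file is UTF-16; re-save with ANSI encoding"]
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("file starts with a UTF-8 byte-order mark; re-save with ANSI encoding")
        data = data[3:]
    seen = {}  # (size, hash) -> first line number that used it
    text = data.decode("ascii", errors="replace")
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        match = SIG_RE.match(line)
        if not match:
            problems.append(f"line {number}: not in size:md5:name form")
            continue
        key = (int(match.group(1)), match.group(2).lower())
        if key in seen:
            problems.append(f"line {number}: same section size and hash as line {seen[key]}")
        else:
            seen[key] = number
    return problems

# Constructed sample: placeholder hashes and names, not real signatures.
SAMPLE = (
    b"\xef\xbb\xbf"
    b"4096:0123456789abcdef0123456789abcdef:Constructed.Sample-1\r\n"
    b"4096:0123456789abcdef0123456789abcdef:Constructed.Sample-2\r\n"
    b"8192:0123456789abcdef:Constructed.Sample-3\r\n"
)

if __name__ == "__main__":
    for problem in check_name("Sigfile.mdb.txt") + check_contents(SAMPLE):
        print(problem)
```

An empty result from both functions only means the file is well-formed; the test scan with ClamWin is still what shows the signatures load.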


